10361870

Management of Cryptographically Secure Exchanges of Data Using Permissioned Distributed Ledgers

Published: July 23, 2019
Assignee: not available in USPTO data we have
Patent Claims
17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. An apparatus, comprising: a communications module; a tangible, non-transitory memory storing instructions; and at least one hardware processor coupled to the communications module and the memory, the at least one hardware processor being configured to execute the instructions to: compute a first hash value based on event data characterizing an occurrence of one or more events within a lifecycle of a product; transmit a request to, and receive a response from, a first computing system across a communications network via the communications module, the request causing the first computing system to execute instructions included within distributed ledger data, and the response comprising a public cryptographic key of a second computing system; generate a symmetric encryption key based on the public cryptographic key of the second computing system; encrypt a first portion of the event data using the symmetric encryption key; compute a second hash value based on the encrypted first portion of the event data and an unencrypted second portion of the event data; generate message data that includes the encrypted and unencrypted portions of the event data and the computed first and second hash values; apply a first digital signature to the message data; transmit, via the communications module, the message data and the applied first digital signature to a second communications system via a secure communications channel, wherein the second computing system is configured to generate elements of the distributed ledger data that confirm a validity of the message data, the generated elements of the distributed ledger data comprising the encrypted first portion of the event data, the unencrypted second portion of the event data, the computed first and second hashes, the applied first digital signature, and a second digital signature applied to the message data by the second computing system, and the elements of the distributed ledger data tracking the occurrence of the one or more events within the lifecycle of the product; transmit, via the communications module, query data to the first computing system across the communications network, the query data comprising an identifier of the product and requesting a status of the product within the lifecycle, the query data causing the first computing system to execute the instructions included within the distributed ledger data and identify, within the elements of the distributed ledger data, status information associated with the product identifier; and receive, via the communications module, a response to the query data from the first computing system across the communications network, the response comprising the identified status information.

2. The apparatus of claim 1, wherein the at least one hardware processor is further configured to execute the instructions to generate or obtain at least a portion of the event data.

3. The apparatus of claim 1, wherein the at least one hardware processor is further configured to execute the instructions to: generate a public cryptographic key of the apparatus and a private cryptographic key of the apparatus; and perform operations that store the public and private cryptographic keys within a portion of the tangible, non-transitory memory.

4. The apparatus of claim 3, wherein: the at least one hardware processor is further configured to execute the instructions to transmit, via the communications module, a message comprising the generated public cryptographic key to the first computing system across the communications network; and the message causes the first computing system to execute the instructions included within the distributed ledger data to generate additional elements of the distributed ledger data that include the public cryptographic key of the apparatus.

5. The apparatus of claim 4, wherein: the message further comprises data that identifies the apparatus; and the message further causes the first computing system to execute the instructions included within the distributed ledger data to associate, within the additional elements of the distributed ledger data, the public cryptographic key of the apparatus and the data that identifies the apparatus.

6. The apparatus of claim 1, wherein the at least one hardware processor is further configured to execute the instructions to generate the symmetric encryption key based on an application of a symmetric key generation algorithm to the public cryptographic key of the second computing system.

7. The apparatus of claim 1, wherein: the tangible, non-transitory memory stores a public cryptographic key associated with the instructions included within the distributed ledger data; the response further comprises a third digital signature applied to the public cryptographic key of the second computing system; and the at least one hardware processor is further configured to: perform operations that verify the third digital signature based on the public cryptographic key associated with the instructions included within the distributed ledger data; and generate the symmetric encryption key based on the public cryptographic key of the second computing system in response to the verification of the third digital signature.

8. The apparatus of claim 1, wherein: the first portion of the event data comprises sensitive data, and the second portion of the event data comprises insensitive data; and the at least one hardware processor is further configured to execute the instructions to process the event data to identify the first and second portions.

9. The apparatus of claim 1, wherein: the product comprises an EMV-compatible payment card; the events comprise an issuer event, a personalization event, a decommissioning event, or a delivery event; the product identifier comprises a public cryptographic key associated with the EMV-compatible payment card; and the instructions within the distributed ledger data establish a distributed smart contract.

10. An apparatus, comprising: a communications module; a storage unit storing instructions; and at least one hardware processor coupled to the communications module and the storage unit, the at least one hardware processor being configured to execute the instructions to: transmit a request to, and receive a response from, a first computing system across a first communications network via the communications module, the request causing the first computing system to execute instructions included within distributed ledger data, and the response comprising a public cryptographic key of a second computing system; receive, via the communications module, message data from the second computing system across a second communications network, the message data comprising an encrypted first portion of event data, an unencrypted second portion of the event data, first and second hash values, and a first digital signature of the second computing system, the event data comprises information characterizing an occurrence of one or more events within a lifecycle of a product; generate a symmetric encryption key based on the public cryptographic key of the second computing system; compute a third hash value based on the encrypted first portion of event data and the unencrypted second portion of the event data; decrypt the encrypted first portion of the event data using the symmetric encryption key; compute a fourth hash value based on the decrypted first portion of the event data and the unencrypted second portion of the event data; perform operations that verify an integrity of the received message data based on (i) a comparison of the first and the third hash values and (ii) a comparison of the second and the fourth hash values; in response to the verified integrity, apply a second digital signature to the received message data; generate elements of the distributed ledger data that confirm the validated integrity of the received message data, the elements of the distributed ledger data comprising the encrypted first portion of the event data, the unencrypted second portion of the event data, the first and the second hash values, and the applied first and second digital signatures, and the elements of the distributed ledger data tracking the occurrence of the one or more events within the lifecycle of the product; transmit, via the communications module, query data to the first computing system across the communications network, the query data comprising an identifier of the product and requesting a status of the product within the lifecycle, the query data causing the first computing system to execute the instructions included within the distributed ledger data and identify, within the elements of the distributed ledger data, status information associated with the product identifier; and receive, via the communications module, a response to the query data from the first computing system across the communications network, the response comprising the identified status information.

11. The apparatus of claim 10, wherein the at least one hardware processor is further configured to: perform operations that validate the first digital signature based on the public cryptographic key associated with the second computing system; and verify the integrity of the received message data based on validation of the first digital signature.

12. The apparatus of claim 10, wherein the at least one hardware processor is further configured to execute the instructions to: generate a public cryptographic key of the apparatus and a private cryptographic key of the apparatus; and perform operations that store the public and private cryptographic keys within a portion of the storage unit; and transmit, via the communications module, a message comprising the generated public cryptographic key to the first computing system across communications network, the transmitted message causing the first computing system to execute the instructions included within the distributed ledger data to generate additional elements of the distributed ledger data that include the public cryptographic key of the apparatus.

13. The apparatus of claim 12, wherein: the message further comprises data that identifies the apparatus; and the message further causes the first computing system to execute the instructions included within the distributed ledger data to associate, within the additional elements of the distributed ledger data, the public cryptographic key of the apparatus and the data that identifies the apparatus.

14. The apparatus of claim 10, wherein the at least one hardware processor is further configured to execute the instructions to generate the symmetric encryption key based on an application of a symmetric key generation algorithm to the public cryptographic key of the second computing system.

15. The apparatus of claim 10, wherein: the storage unit stores a public cryptographic key associated with the instructions included within the distributed ledger data; the response further comprises a third digital signature applied to the public cryptographic key of the second computing system; and the at least one hardware processor is further configured to: perform operations that verify the third digital signature based on the public cryptographic key associated with the instructions included within the distributed ledger data; and generate the symmetric encryption key based on the public cryptographic key of the second computing system in response to the verification of the third digital signature.

16. The apparatus of claim 10, wherein: the product comprises an EMV-compatible payment card, the product being associated with a product identifier, the product identifier comprising a public cryptographic key associated with the EMV-compatible payment card; the events comprise an issuer event, a personalization event, a decommissioning event, or a delivery event; and the instructions within the distributed ledger data establish a distributed smart contract.

17. An apparatus, comprising: a communications module; a storage unit storing instructions; and at least one hardware processor coupled to the communications module and the storage unit, the at least one hardware processor being configured to execute the instructions to: generate event data that includes information characterizing an occurrence of one or more events within a lifecycle of a product; compute a first hash value based on the event data; encrypt a first portion of the event data using a symmetric encryption key; compute a second hash value based on the encrypted first portion of the event data and an unencrypted second portion of the event data; apply a digital signature to the encrypted first portion of the event data, the unencrypted second portion of the event data, and the computed first and second hash values; generate elements of distributed ledger data that confirm the occurrence of the lifecycle event, the elements of the distributed ledger data comprising the encrypted first portion of the event data, the unencrypted second portion of the event data, the computed first and second hashes, and the applied digital signature, and the elements of the distributed ledger data track the occurrence of the one or more events within the lifecycle of the product; receive, via the communications module, query data from a first computing system across the a network, the query data comprising an identifier of the product and requesting a status of the product within the lifecycle, the query data causing the at least one hardware processor to execute additional instructions included within the distributed ledger data and identify, within the elements of the distributed ledger data, status information associated with the product identifier; and transmit, via the communications module, a response to the query data to the first computing system across the communications network, the response comprising the identified status information.
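
Illustrative sketch, added here and not part of the patent or of any implementation by the inventors: the sender-side message construction of claim 1 and the receiver-side two-hash integrity check of claim 10. Assumptions: SHA-256 for the hashes and for key derivation, JSON as the event encoding, a keystream stand-in for the symmetric cipher, and hypothetical names throughout (`derive_key`, `build_message`, `verify_message`, `hash_plain`, `hash_wire`); the digital signatures and the ledger steps are left out.

```python
import hashlib, hmac, json

def derive_key(public_key: bytes) -> bytes:
    # Assumption: the "symmetric key generation algorithm" is modelled as labelled SHA-256.
    return hashlib.sha256(b"event-key-v1" + public_key).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 counter keystream) so the block runs on the
    # standard library; a deployment would use an authenticated cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _digest(first: bytes, second: bytes) -> str:
    # Length-prefix each portion so the boundary between them is unambiguous.
    h = hashlib.sha256()
    for part in (first, second):
        h.update(len(part).to_bytes(8, "big") + part)
    return h.hexdigest()

def build_message(event: dict, sensitive_fields: set, public_key: bytes) -> dict:
    """Sender (claim 1): split, encrypt the sensitive portion, compute both hashes."""
    split = lambda keep: json.dumps(
        {k: v for k, v in event.items() if (k in sensitive_fields) == keep},
        sort_keys=True).encode()
    sensitive, public = split(True), split(False)
    ct = _xor_stream(derive_key(public_key), sensitive)
    return {"encrypted": ct.hex(), "public": public.decode(),
            "hash_plain": _digest(sensitive, public),  # over unencrypted event data
            "hash_wire": _digest(ct, public)}          # over ciphertext + clear portion

def verify_message(msg: dict, public_key: bytes):
    """Receiver (claim 10): recompute both hashes; return the event or None."""
    ct, public = bytes.fromhex(msg["encrypted"]), msg["public"].encode()
    if not hmac.compare_digest(_digest(ct, public), msg["hash_wire"]):
        return None  # altered in transit; do not decrypt
    sensitive = _xor_stream(derive_key(public_key), ct)
    if not hmac.compare_digest(_digest(sensitive, public), msg["hash_plain"]):
        return None  # wrong key or inconsistent plaintext hash
    return {**json.loads(sensitive), **json.loads(public)}

# Constructed sample input (not from the patent).
PUBLIC_KEY = b"constructed-public-key-bytes"
EVENT = {"event": "personalization", "card_id": "card-0001", "pan": "0000000000000000"}
```

The hash over the ciphertext is checked before decryption, so a message altered in transit is rejected without touching the key.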

Patent Metadata

Filing Date

Unknown

Publication Date

July 23, 2019

Inventors

Arthur Carroll CHOW
Milos DUNJIC
Perry Aaron Jones HALDENBY
John Jong-Suk LEE
Anthony Haituyen NGUYEN
Casey Lyn DOYLE
Het Anand PATEL
Stephen John MCCANN

Cite as: Patentable. “MANAGEMENT OF CRYPTOGRAPHICALLY SECURE EXCHANGES OF DATA USING PERMISSIONED DISTRIBUTED LEDGERS” (10361870). https://patentable.app/patents/10361870